search

fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com
Other
2.89k stars 402 forks source link

Support ability to query GCP metadata in Fleet #19843

Open ddribeiro opened 2 months ago

ddribeiro commented 2 months ago

Problem

As a Fleet user, I'd like to build queries that can return information about GCP instance metadata like I'm able to do with my Azure and E2 instances today.

There is an open issue at osquery to add support for a gcp_instance_metadata table, but there has not been any activity on it in over a year.

Potential solutions

  1. Add gcp_instance_metadata table to Fleet data tables so GCP instance metadata can be queried the same as Azure and E2 instances can be today.
  2. The Github issue suggests metadata for a GCP instance can be collected with a curl command which means it could potentially be scripted. This solution is not ideal as data could not be obtained in the same way as Azure or EC2. Additionally, the curl osquery table cannot be used as a workaround since GCP requires Metadata-Flavor: Google as a header and the curl table does not support headers.
noahtalerman commented 2 months ago

Hey @ddribeiro thanks for tracking this one.

The plan is to weigh it at the next feature fest on 2024-06-20.